Company hidden
1 day ago

Application Security Specialist (AI)

Work format
hybrid
Employment type
fulltime
Grade
middle
English
b2
Country
Israel

Job description

TL;DR

Application Security Specialist (AppSec): Performing hands-on application penetration testing across web, mobile, and AI/LLM integrations, with an emphasis on threat modeling and secure design reviews. Focus on identifying critical vulnerabilities, supporting remediation strategies, and improving customers' secure SDLC processes.

Location: Hybrid (Herzliya, Israel)

Company

A cybersecurity firm specializing in delivery and application security assessments.

What you will do

  • Conduct penetration testing for web, mobile, API, and AI/LLM integrations.
  • Perform threat modeling and secure design reviews to identify risks early in the development lifecycle.
  • Provide practical remediation guidance and secure coding training to development teams.
  • Evaluate and optimize customers' application security development lifecycles, vulnerability management, and security gates.
  • Lead client-facing discussions regarding assessment scoping and vulnerability walkthroughs.

Requirements

  • 2+ years of hands-on experience in application penetration testing.
  • Strong understanding of OWASP Top 10 and CWE Top 25.
  • Familiarity with high-level programming languages such as Java, JS, or Python.
  • Relevant certifications such as EWPTX or OSWE.
  • Strong English communication skills for client-facing technical discussions.

Nice to have

  • Deep understanding of LLM Top 10, AI security risks, and AI/LLM hacking techniques.
  • Proven experience in secure code review or high-level code auditing.
  • Knowledge of Secure SDLC methodologies, including Microsoft SDL, OWASP SAMM, and OWASP ASVS.
